blackmoon | f1a5a755a7498f9fa93d4e8a99887bf548016f7869f1716fb573162b4fe1ca7b

Sharing

Copy URL Twitter E-mail

General

Target

f1a5a755a7498f9fa93d4e8a99887bf548016f7869f1716fb573162b4fe1ca7b
Size

10.7MB
MD5

44262a3d35b930d266837836583e4163
SHA1

54162c398e64737bfc1db384561863f66d4792cc
SHA256

f1a5a755a7498f9fa93d4e8a99887bf548016f7869f1716fb573162b4fe1ca7b
SHA512

663c3d98bfad0046ae412958ca61c162f8efa07549cb70036cee6e727b53a3cb4e658cad8875ec4cd6b9fb1ceaece301ad32804340bafb086c79f81bcdbe6f67
SSDEEP

196608:Sc+f6FB8D41QbQB0vIL4X7uhqn5/SbcPDYSIkkJFlJxxeQfTnQpHj6g0J:Sc+f6z8D4ia0tX7usn5Ec8PJFlJxIqeI

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1a5a755a7498f9fa93d4e8a99887bf548016f7869f1716fb573162b4fe1ca7b

Files

f1a5a755a7498f9fa93d4e8a99887bf548016f7869f1716fb573162b4fe1ca7b
.dll windows x86

39e05e50c2eb9058093d23004c69d6d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlMoveMemory
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
VirtualFree
GetCommandLineA
GetModuleFileNameA
HeapSize
GetStringTypeW
VirtualAlloc
IsBadReadPtr
lstrcpynA
WriteConsoleW
FlushFileBuffers
GetTickCount
GetCurrentThreadId
DecodePointer
GetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
WriteFile
GetModuleFileNameW
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
SetFilePointer
RtlUnwind
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LoadLibraryW
SetStdHandle
CreateFileW

user32

MessageBoxA
wsprintfA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA

Exports

Exports

commandline
divxmain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39e05e50c2eb9058093d23004c69d6d0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 69KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 10.6MB - Virtual size: 10.6MB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 10.6MB - Virtual size: 10.6MB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 26KB - Virtual size: 26KB